WinRT存储RSA私钥

Question

In my WinRT application I must store private key for later decryption. In another applications there was RSACryptoServiceProvider, which I used:

 CspParameters cspParams = new CspParameters();

 cspParams.KeyContainerName = ContainerName;

 RSACryptoServiceProvider RSAalg = new RSACryptoServiceProvider(cspParams);

 RSAalg.PersistKeyInCsp = true;

but in WinRT are another classes in another namespace. I'm looking for alternative how to store private key in container (or another safe place).

I have spent a lot of time looking for the safest solution, but I find only few sites which could be usefull, eg:

http://www.rahulsingla.com/blog/2011/04/serializing-deserializing-rsa-public-private-keys-generated-using-bouncy-castle-library

where is suggestion to keep decrypted private key (probably in file). Is it safe?

I found CertificateEnrollmentManager class in Windows.Security.Cryptography.Certificates too. But I can't understand how use this class to save certificate in KSP and encrypt/decrypt data by certificate.

Answer 1

Windows stores private keys in \\Documents and Settings\\\\Application Data\\Microsoft\\Crypto\\RSA and requires that they be protected with a password.

The bottom line is that you want your private keys to be safe. In some cases that means they can be stored on your hard drive. In other cases it means they should be stored in two-person access controlled safes with armed guards out front. It just depends what's riding on any possible exposure.